use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.
the class DefaultAccountMapper method getAttribute.
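/**
 * Returns the first value of the named attribute from the hosted entity's
 * extended (SP or IDP) configuration in the given realm.
 * <p>
 * Which configuration is consulted depends on this mapper's
 * <code>role</code>: <code>IDP</code> reads the IDP SSO config, anything
 * else reads the SP SSO config. Multi-valued attributes are collapsed to
 * their first value.
 * @param realm realm name.
 * @param entityID hosted <code>EntityID</code>.
 * @param attributeName name of the attribute.
 * @return the first configured value, or <code>null</code> if any input is
 *         <code>null</code>, no attributes are configured, the attribute is
 *         absent/empty, or the metadata lookup fails (logged at warning).
 */
protected String getAttribute(String realm, String entityID, String attributeName) {
    if (realm == null || entityID == null || attributeName == null) {
        if (debug.messageEnabled()) {
            debug.message("DefaultAccountMapper.getAttribute: " + "null input parameters.");
        }
        return null;
    }
    try {
        BaseConfigType config;
        if (role.equals(IDP)) {
            config = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, entityID);
        } else {
            config = WSFederationUtils.getMetaManager().getSPSSOConfig(realm, entityID);
        }
        Map attributes = WSFederationMetaUtils.getAttributes(config);
        if (attributes == null || attributes.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultAccountMapper.getAttribute:" + " attribute configuration is not defined for " + "Entity " + entityID + " realm =" + realm + " role=" + role);
            }
            return null;
        }
        List values = (List) attributes.get(attributeName);
        if (values != null && !values.isEmpty()) {
            // Only the first value is ever used; additional values are ignored.
            return (String) values.get(0);
        }
        if (debug.messageEnabled()) {
            // Log prefix names this class (the original said DefaultSPAccountMapper,
            // which misattributed the message when reading logs).
            debug.message("DefaultAccountMapper.getAttribute: " + attributeName + " is not configured.");
        }
        return null;
    } catch (WSFederationMetaException sme) {
        // Best-effort lookup: a metadata failure is reported, not propagated,
        // and the caller sees "not configured".
        if (debug.warningEnabled()) {
            debug.warning("DefaultAccountMapper.getAttribute:" + "Meta Exception", sme);
        }
    }
    return null;
}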
use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.
the class WSFederationUtils method isSignatureValid.
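/**
 * Determine the validity of the signature on the <code>Assertion</code>.
 * <p>
 * The verification certificate is not taken from the assertion itself: it is
 * looked up from the issuer's entity descriptor in the realm's WS-Federation
 * metadata and handed to the verifier as the <em>only</em> acceptable key, so
 * an assertion can only validate against the key this deployment has
 * registered for that issuer. Any metadata or verification error, an absent
 * certificate, or a <code>null</code> assertion fail closed (return false).
 * @param assertion SAML 1.1 Assertion
 * @param realm Realm for the issuer
 * @param issuer Assertion issuer - used to retrieve certificate for
 *        signature validation.
 * @return true if the signature on the object is valid; false otherwise.
 */
public static boolean isSignatureValid(Assertion assertion, String realm, String issuer) {
    if (assertion == null) {
        // Fail closed rather than throwing an NPE out of the verifier; still
        // leave an audit record so the rejected exchange is visible.
        String[] data = { "<null assertion>", realm, issuer };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
        return false;
    }
    String signedXMLString = assertion.toString(true, true);
    String id = assertion.getAssertionID();
    boolean valid = false;
    try {
        FederationElement idp = metaManager.getEntityDescriptor(realm, issuer);
        // Third argument presumably marks the issuer as an IDP when selecting
        // the key - confirm against KeyUtil.
        X509Certificate cert = KeyUtil.getVerificationCert(idp, issuer, true);
        if (cert != null) {
            // singleton(cert): the registered certificate is the sole trust anchor.
            valid = SigManager.getSigInstance().verify(signedXMLString, id, Collections.singleton(cert));
        }
        // NOTE(review): a null certificate is treated as an invalid signature
        // instead of being passed on inside the key set - confirm
        // getVerificationCert's null contract.
    } catch (WSFederationMetaException ex) {
        valid = false;
    } catch (SAML2Exception ex) {
        valid = false;
    }
    if (!valid) {
        // Full signed XML is only recorded at FINER; otherwise just the assertion ID.
        String[] data = { LogUtil.isErrorLoggable(Level.FINER) ? signedXMLString : id, realm, issuer };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
    }
    return valid;
}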
use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.
the class CreateMetaDataModelImpl method createWSFedProvider.
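/**
 * Creates a WS Federation provider.
 * <p>
 * Both the standard and the extended metadata templates are rendered and
 * parsed before anything is written, so a malformed template does not leave
 * a half-created entity behind. The two writes themselves
 * (<code>createFederation</code> then <code>createEntityConfig</code>) are
 * still separate operations and are not rolled back as a unit.
 *
 * @param realm Realm Name.
 * @param entityId Entity Id.
 * @param values Map of property name to values.
 *
 * @throws AMConsoleException if duplicate metaAliases provided or unable to create or import metadata.
 * */
public void createWSFedProvider(String realm, String entityId, Map values) throws AMConsoleException {
    try {
        List<String> metaAliases = getFederationAlias(values, MetaTemplateParameters.P_WS_FED_ALIASES);
        // A Set collapses repeats, so a smaller Set means a duplicate alias was supplied.
        Set<String> distinctAliases = new HashSet<String>(metaAliases);
        if (distinctAliases.size() < metaAliases.size()) {
            throw new AMConsoleException(getLocalizedString("federation.create.provider.duplicate.metaAlias"));
        }
        WSFederationMetaManager metaManager = new WSFederationMetaManager();
        // Presumably rejects aliases already in use in this realm by throwing
        // WSFederationMetaException - confirm against the meta manager.
        metaManager.validateMetaAliasForNewEntity(realm, metaAliases);
        String metadata = CreateWSFedMetaDataTemplate.createStandardMetaTemplate(entityId, values, requestURL);
        String extendedData = CreateWSFedMetaDataTemplate.createExtendedMetaTemplate(entityId, values);
        FederationElement elt = (FederationElement) WSFederationMetaUtils.convertStringToJAXB(metadata);
        FederationConfigElement cfg = (FederationConfigElement) WSFederationMetaUtils.convertStringToJAXB(extendedData);
        metaManager.createFederation(realm, elt);
        metaManager.createEntityConfig(realm, cfg);
    } catch (WSFederationMetaException ex) {
        // NOTE(review): only the message is surfaced; the cause is not chained.
        // Confirm whether AMConsoleException offers a Throwable constructor.
        throw new AMConsoleException(ex.getMessage());
    } catch (JAXBException ex) {
        throw new AMConsoleException(ex.getMessage());
    } catch (CertificateEncodingException ex) {
        throw new AMConsoleException(ex.getMessage());
    }
}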
use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.
the class EntityModelImpl method getWSFedEntities.
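/**
 * Returns a map of all the wsfed entities including data about
 * what realm, the roles, and location of each entity.
 * <p>
 * Keys have the form <code>entityId,realm</code> so the same entity ID
 * registered in two realms yields two distinct entries. Each value maps
 * <code>REALM</code>, <code>PROTOCOL</code>, <code>ROLE</code> and
 * <code>LOCATION</code> (<code>HOSTED</code> or <code>REMOTE</code>).
 * Never returns <code>null</code>; an empty map when nothing is found.
 *
 * @throws AMConsoleException if unable to retrieve the WSFED entities.
 */
public Map getWSFedEntities() throws AMConsoleException {
    Map wsfedMap = new HashMap();
    for (Object r : realms) {
        String realm = (String) r;
        try {
            WSFederationMetaManager metaManager = new WSFederationMetaManager();
            Set wsfedEntities = metaManager.getAllEntities(realm);
            List hosted = metaManager.getAllHostedEntities(realm);
            for (Object e : wsfedEntities) {
                String entity = (String) e;
                Map data = new HashMap(8);
                data.put(REALM, realm);
                data.put(PROTOCOL, WSFED);
                data.put(ROLE, listToString(getWSFedRoles(entity, realm)));
                // Anything not in the hosted list is treated as a remote entity.
                if (hosted != null && hosted.contains(entity)) {
                    data.put(LOCATION, HOSTED);
                } else {
                    data.put(LOCATION, REMOTE);
                }
                wsfedMap.put(entity + "," + realm, data);
            }
        } catch (WSFederationMetaException ex) {
            debug.error("EntityModel.getWSFedEntities", ex);
            throw new AMConsoleException(ex.getMessage());
        }
    }
    // wsfedMap is allocated above and can never be null here.
    return wsfedMap;
}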
use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.
the class EntityModelImpl method getWSFedRoles.
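/**
 * Returns the WS-Federation roles (<code>IDENTITY_PROVIDER</code> and/or
 * <code>SERVICE_PROVIDER</code>) of an entity in a realm.
 * <p>
 * Roles are taken from the extended configuration first (an IDP SSO config
 * and/or an SP SSO config). Only when neither exists is the standard
 * entity descriptor inspected: a <code>UriNamedClaimTypesOffered</code>
 * element marks an IDP, and the entity is also treated as an SP when no
 * such element is present or when more than one
 * <code>TokenIssuerEndpoint</code> element is present (dual role).
 *
 * @param entity entity ID.
 * @param realm realm name.
 * @return list of roles; empty (never <code>null</code>) if none could be
 *         determined or the metadata lookup failed (logged at warning).
 */
public List getWSFedRoles(String entity, String realm) {
    List roles = new ArrayList(4);
    try {
        WSFederationMetaManager metaManager = new WSFederationMetaManager();
        if (metaManager.getIDPSSOConfig(realm, entity) != null) {
            roles.add(IDENTITY_PROVIDER);
        }
        if (metaManager.getSPSSOConfig(realm, entity) != null) {
            roles.add(SERVICE_PROVIDER);
        }
        // Fall back to the standard metadata only when no extended config said anything.
        if (roles.isEmpty()) {
            FederationElement fedElem = metaManager.getEntityDescriptor(realm, entity);
            if (fedElem != null) {
                boolean offersClaimTypes = false;
                int tokenIssuerEndpoints = 0;
                for (Object child : fedElem.getAny()) {
                    if (child instanceof UriNamedClaimTypesOfferedElement) {
                        offersClaimTypes = true;
                    } else if (child instanceof TokenIssuerEndpointElement) {
                        tokenIssuerEndpoints++;
                    }
                }
                if (offersClaimTypes) {
                    roles.add(IDENTITY_PROVIDER);
                }
                // No claim types offered => SP; several token issuer endpoints => dual role.
                if (!offersClaimTypes || tokenIssuerEndpoints > 1) {
                    roles.add(SERVICE_PROVIDER);
                }
            }
        }
    } catch (WSFederationMetaException e) {
        // Best-effort: a metadata failure yields whatever roles were found so far.
        debug.warning("EntityModelImpl.getWSFedRoles", e);
    }
    // roles is allocated above and can never be null here.
    return roles;
}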